A cross-site scripting flaw was found in phpMyAdmin's view operations page. This issue was fixed in versions 4.1.14.3 and 4.2.7.1. Individual patches are available from the original advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1130867] Affects: epel-7 [bug 1130868]
I do not know if the older versions in EPEL 5 and 6 are affected.
EPEL 6 should be not affected (not mentioned by upstream while done on the other CVE).
phpMyAdmin-4.2.7.1-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.7.1-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.0.10.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
OpenShift currently ships phpMyAdmin-4.0.10.5 which fixes PMASA-2014-12 and all earlier issues. http://www.phpmyadmin.net/home_page/security/